Published by Ariel Day. Modified over 7 years ago.
2
Motivation
Comparison of Bitcoin/Ideal and Credit Card (each marked ✓, ✘ or ?) on:
- Works on Internet
- No trusted central authority
- Anonymity/pseudonymity
- Non-reversible
- Difficult to steal
- Low cost for small transactions
3
Basic idea
- Create statements assigning ownership of BTC from one party to another (transactions)
- Parties identified by public key
  - Parties broadcast public keys, anyone can send money to that key
- Sign transactions with private key of owner of BTC
  - Addresses the theft issue
  - Only owner of private key corresponding to the public key can reassign ownership
- e.g. Alice wants to give 1 BTC to Bob online
  - Create signed “transaction” statement assigning 1 BTC of hers to him
4
Challenges
- Where did Alice’s BTC come from?
- How can she prove to Bob that she owned a BTC to give to him?
- How can Bob ensure she didn’t give the same BTC to Chris already?
  - double spending
5
Transactions
- Idea: chain transactions
- New transactions will indicate transactions from which they draw ownership

T11: C -> A: 1 BTC, h(T10), signed(C)
T12: A -> B: 1 BTC, h(T11), signed(A)
…
6
Verification?
- Check signature on T12, extract h(T11)
- Find T11, repeat (ignore the base case for the moment)

T11: C -> A: 1 BTC, h(T10), signed(C)
T12: A -> B: 1 BTC, h(T11), signed(A)
…
7
Challenges
- Where did Alice’s BTC come from?
- How can she prove to Bob that she owned a BTC to give to him?
- How can Bob ensure she didn’t give the same BTC to Chris already?
  - double spending
- Where did the first BTC come from?
8
Ledger
- Create a public, shared ledger book that lists all transactions ever
- Alice sends Bob a transaction for BTC
- Bob checks integrity and verifies signatures
  - Now knows that Alice owned the BTC at some point at least
- Bob checks to ensure h(T11) hasn’t already appeared in another transaction in the ledger
  - Only after that is it safe to give product to Alice
- Q: Why doesn’t Bob need to check if T10… is double spent?

T12: A -> B: 1 BTC, h(T11)
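Bob's two checks from the Verification and Ledger slides, as an added example that is not part of the original presentation: walk the hash links back from T12, then reject the transaction if the ledger already holds another one drawing on the same h(T11). Signature verification is left out (assumed done separately with a real signature library), and the field names, the `mint` sender and the `check_spend` helper are assumptions for illustration.

```python
import hashlib
import json

def tx_hash(tx):
    """h(T): SHA-256 over a canonical JSON encoding of the transaction."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

def make_tx(sender, recipient, amount, prev):
    # prev is h(previous transaction); None stands for the base case
    # that the slides set aside (it is not validated here).
    return {"from": sender, "to": recipient, "amount": amount, "prev": prev}

def check_spend(tx, ledger):
    """Bob's checks on an incoming tx against the public ledger (a list of txs).
    Returns "ok" or the reason to reject. Signatures are assumed verified."""
    by_hash = {tx_hash(t): t for t in ledger}
    # Has the transaction this one draws ownership from already been spent?
    if tx["prev"] is not None and any(t["prev"] == tx["prev"] for t in ledger):
        return "double spend"
    # Walk back: check T12 against T11, find T11, repeat.
    cur = tx
    while cur["prev"] is not None:
        parent = by_hash.get(cur["prev"])
        if parent is None:
            return "unknown input"
        if parent["to"] != cur["from"] or parent["amount"] != cur["amount"]:
            return "sender does not own input"
        cur = parent
    return "ok"

# Constructed sample data following the slides' T10 -> T11 -> T12 chain.
T10 = make_tx("mint", "C", 1, None)
T11 = make_tx("C", "A", 1, tx_hash(T10))
T12 = make_tx("A", "B", 1, tx_hash(T11))
T12_RIVAL = make_tx("A", "Chris", 1, tx_hash(T11))  # same input as T12

if __name__ == "__main__":
    ledger = [T10, T11]
    print(check_spend(T12, ledger))        # ok
    ledger.append(T12)
    print(check_spend(T12_RIVAL, ledger))  # double spend
```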
9
Ledger Without Centralization?
- Today banks are the ledger
  - Ledger is materialized and easy to see at the bank web site
- How can we do the same in a decentralized way?
  - With untrusted peers?
  - With high churn?
  - With high availability?
- Disturbingly like Byzantine consensus on an unprecedented scale…
- Key idea: force Alice to work with the majority of the nodes to get entries into the ledger
  - If majority is honest, then ledger will not contain double spending
10
Step 1: Broadcast to P2P network
A -> B 1 BTC
I got it from transaction 0x92718
Sincerely, A
11
Step 2: Create “Blocks” and chain them
- Think of a block of transactions as a page in the ledger
- Some nodes may miss messages!
- Nodes will be simultaneously creating different/competing blocks!

Block:
A->B 1 BTC from 0x92718 signed A
J->K 10 BTC from 0x82812 signed J
B->K 5 BTC from 0x signed F
Prior block:
Nonce:

Incoming message:
A -> B 1 BTC
I got it from transaction 0x92718
Sincerely, A
12
Step 2: Create “Blocks” and chain them
- Block “extends” the chain by including the hash of the prior block
- After extending the chain, sends around to other peers
- All transactions are made public in a common chain
- Bob can consult this to see if Alice already spent the money she got in transaction 0x92718, if she hasn’t then he’s golden

Block:
A->Z 1 BTC from 0x11171 signed A
Q->P 10 BTC from 0x28129 signed J
T->W 5 BTC from 0x signed F
Prior block: h(block1)
Nonce:

Block:
A->B 1 BTC from 0x92718 signed A
J->K 10 BTC from 0x82812 signed J
B->K 5 BTC from 0x signed F
Prior block: h(block2)
Nonce:
13
Key Problem: forking the chain
- What if Alice colludes with a node in the P2P network?
- What if the node creates one block where she gave the coin to Bob and one where she gave it to Chris?

Block:
A->Z 1 BTC from 0x11171 signed A
Q->P 10 BTC from 0x28129 signed J
T->W 5 BTC from 0x signed F
Prior block: h(block1)

Competing block:
A->B 1 BTC from 0x92718 signed A
Prior block: h(block2)

Competing block:
A->C 1 BTC from 0x92718 signed A
Prior block: h(block2)
14
How do we stop this?
- Honest nodes always work to extend the longest chain
- Pace extending the chain by requiring computational effort
- Why does this help?
  - To get Bob to accept A->B and Chris to accept B->C she must create two chains
  - The first with A->B that is the longest chain
  - Then, a second longer than the first without A->B but with B->C
  - But if majority of nodes are honest then longest chain grows rapidly
  - Hard to tack on A->B then race the majority to get B->C in a fork
15
How do we make block creation slow for one but fast for majority?
- “Proof of work”: only accept blocks on which “a lot” of computational effort was invested to generate
- Idea: include a “nonce” in each block, force block creator to fill in a nonce that forces h(block) to start with some number of zeroes
  - Requires O(2^n) hash attempts to create such a block
  - If hash values distributed evenly and collision resistant
- Majority requires block hashes lead with enough zeroes
  - “Enough” is chosen dynamically over time by the majority
  - Pace block generation to about 10 minutes per block among majority
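The nonce search and the prior-block link described above, as an added example (not code from the presentation). The JSON block layout, SHA-256 as h, and the 12-bit target are assumptions chosen so the search finishes in a moment.

```python
import hashlib
import json

def block_hash(block):
    """h(block): SHA-256 over a canonical JSON encoding of the whole block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).digest()

def leading_zero_bits(digest):
    # Number of zero bits before the first 1 bit of the digest.
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mine(transactions, prior, zero_bits):
    """Try nonces 0, 1, 2, ... until h(block) starts with zero_bits zero bits.
    Expected cost is about 2**zero_bits hash attempts."""
    block = {"txs": transactions, "prior": prior, "nonce": 0}
    while leading_zero_bits(block_hash(block)) < zero_bits:
        block["nonce"] += 1
    return block

def valid_chain(chain, zero_bits):
    """What a peer checks before accepting a chain: every block carries enough
    work and names the hash of the block before it."""
    prior = None
    for block in chain:
        if block["prior"] != prior:
            return False
        digest = block_hash(block)
        if leading_zero_bits(digest) < zero_bits:
            return False
        prior = digest.hex()
    return True

def build_demo_chain(zero_bits=12):
    # Constructed sample transactions, written as plain strings for brevity.
    chain, prior = [], None
    for txs in (["C->A 1 BTC"], ["A->B 1 BTC"], ["J->K 10 BTC"]):
        block = mine(txs, prior, zero_bits)
        chain.append(block)
        prior = block_hash(block).hex()
    return chain

if __name__ == "__main__":
    chain = build_demo_chain()
    print([b["nonce"] for b in chain], valid_chain(chain, 12))
    chain[1]["txs"] = ["A->Chris 1 BTC"]   # rewrite history in the middle block
    print(valid_chain(chain, 12))
```

Changing a transaction in an earlier block changes that block's hash, so the edited block needs a new nonce and every later block must be mined again, which is the work an attacker has to redo faster than the majority.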
17
Honest Chain Grows Wicked Fast
[Diagram: majority chain B1; transaction A->B]
18
Honest Chain Grows Wicked Fast
[Diagram: majority chain B1, B2; transaction A->B]
19
[Diagram: honest majority chain B1, B2 and a competing fork B2’, B3’, B4’ (>> 30 mins); transactions A->C and A->B]
20
[Diagram: honest majority chain B1, B2, B3, B4, B5, B6, B7, B8, B9 and a competing fork B2’, B3’, B4’ (>> 30 mins); transactions A->C and A->B]

To seal Alice’s fate, Bob waits a period of time after he gets A->B relative to the value of the transfer. The longer the wait, the harder it is for Alice to fork history because she has to “outperform” the compute power of the honest nodes.
21
Challenges
- Where did Alice’s BTC come from?
- How can she prove to Bob that she owned a BTC to give to him?
- How can Bob ensure she didn’t give the same BTC to Chris already?
  - double spending
- Where did the first BTC come from?
- Why do people run this P2P network? It costs money to participate!
  - Answered by the same mechanism
22
Mining
- Need an incentive for people to do proof of work and extend chain
- Need a way for currency to enter the economy (to mint money)
- Want an incentive for people to use compute to help honest majority rather than fight for evil to double spend
- Idea: majority will accept an “extra” entry in each block that assigns some BTC to the node whose block is accepted by the network
23
Amount offered as a reward per block goes down by ½ every 4 yrs
- Currently 12.5 BTC per block (started at 50); $9, as of Sunday
- Was $7,452 USD as of last year and 25 BTC

Block:
A->B 1 BTC from 0x92718 signed A
J->K 10 BTC from 0x82812 signed J
->Me 25 BTC from 0x0 signed Me
Prior block: h(block2)
Nonce: 0x1281f928
24
Conclusion
- Digital cash, no central authority, anonymity
- Simple: signed statements of transfer
- Key: how we ensure owner of BTC doesn’t try to transfer it twice
- Idea: “fast moving” monotonic public ledger
  - Easy to add entry, hard to compete with honest nodes to fork ledger
  - Give economic incentive for nodes to drive ledger creation at a rate that no colluding pool of bad guys can compete with
25
Discussion Qs
- Would you feel safe with 1 BTC? Where would you keep private key for it?
- ~10 mins commit time for small txns, more for big ones. OK?
- Are transactions anonymous? How can they be made more so?
- If I steal bitcoins is it safe to spend them?
- Is it a problem that there will be a fixed pool of coins?
- (How) can a BTC be destroyed permanently?
- What can a bad guy do if he had majority CPU power?
  - Double-spend, but not steal; can revert past transactions, prevent some txns
- Who is Satoshi?
  - Dude has $735M USD in 1M BTC